accounts: use "evobsd_internal_group" for SSH authentication

1 year ago · f0ecc79696
parent ad025bf507
commit f0ecc79696
4 changed files with 17 additions and 1 deletions
--- a/2
+++ b/2
@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Changed

+- accounts: use "evobsd_internal_group" for SSH authentication
+
 ### Fixed

 ### Removed
--- a/roles/accounts/tasks/main.yml
+++ b/roles/accounts/tasks/main.yml
@ -1,4 +1,9 @@
 ---
+- name: "Create {{ evobsd_internal_group }} group"
+  group:
+    name: "{{ evobsd_internal_group }}"
+    system: true
+
 - name: "Create {{ evobsd_ssh_group }} group"
  group:
    name: "{{ evobsd_ssh_group }}"
@ -69,7 +74,7 @@
    block: |
      Match Address {{ evolix_trusted_ips | join(',') }}
          PasswordAuthentication yes
-      Match Group {{ evobsd_ssh_group }}
+      Match Group {{ evobsd_internal_group }}
          PasswordAuthentication no
    insertafter: EOF
    validate: '/usr/sbin/sshd -t -f %s'
--- a/roles/accounts/tasks/user.yml
+++ b/roles/accounts/tasks/user.yml
@ -38,6 +38,14 @@
  tags:
    - admin

+- name: "Add {{ user.name }} to {{ evobsd_internal_group }} group"
+  user:
+    name: "{{ user.name }}"
+    groups: "{{ evobsd_internal_group }}"
+    append: true
+  tags:
+    - admin
+
 - name: "Add {{ user.name }} to {{ evobsd_ssh_group }} group"
  user:
    name: "{{ user.name }}"
--- a/vars/main.yml
+++ b/vars/main.yml
@ -23,6 +23,7 @@
 # evomaintenance_urgency_from: mama.doe@example.com
 # evomaintenance_urgency_tel: "06.00.00.00.00"
 #
+# evobsd_internal_group: "foo"
 # evobsd_ssh_group: "foo-ssh"
 # evobsd_sudo_group: "foo-sudo"
 #